Monday, 2 February 2015

Mini-Meta-Messenger

Meta-Data

Intelligence agencies grab our data, and they grab our meta-data. Data is what we write and what we read; meta-data is who is writing it, who reads it and when. From that meta-data one can derive graphs of who is connected with whom and analyse the structure of a certain group, for example people with a differing political opinion. Having this information, one can take out the most important nodes of this graph (i.e. the most important people of the group) and thus destroy it.

In a sense, meta-data is even more important to intelligence agencies than the data itself. The data that, for instance, two people meet to have a cup of coffee is not very meaningful by itself, but if one of the two people were known to be part of a group which threatens the current establishment and the other were a journalist, this message might indeed be of importance. At least it would show a potentially important connection.

Collecting communication data and meta-data threatens democracy: if people who speak out against current politics are under surveillance by default, because everyone is under surveillance, they will often refrain from speaking out. Surveillance stifles free speech.

Minimizing Meta-data and Data

I want to sketch out a concept of how a messenger could be produced which removes much of the meta-data: the Mini-Meta-Messenger.

Imagine a large dashboard on some server on the internet. Imagine that everyone posted her/his messages to other people on the board. Everyone could just read them. Obviously we don't want everyone to be able to read every message. That's why all these messages would be encrypted with the private key of the sender and the public key of the receiver.

To retrieve the messages for a particular user, this user just has to download all the messages and try to decrypt them with her/his private key. This will succeed for all the messages which have been encrypted with her/his public key. Hence, s/he would "receive" all messages which belong to her/him.

The remaining data and meta-data is that a particular person uploaded a message (which cannot be read easily by the intelligence agencies) and that many persons downloaded *all* the messages at some later time. There is no exploitable correlation between the two persons who send messages to each other, given that they are not the only ones using the service. Furthermore, the messages are encrypted, hence the data cannot be read by a third party either. The only meta-data which would be left is: when a person is writing, how many messages s/he writes and, on the other hand, who is reading messages and how often.

Of course there is Freenet, which can do decentralized full encryption of many services. But it requires effort, skill and time to get started, and many people will not find anything there which matters to them. That's why I think that a simpler approach which is also easier for people to use might attract more of them.

Details

Each person would, upon signing up for this service, upload her/his public key. That way each participant could in principle send messages to every other participant.

Whilst everyone has to download every message (for the sake of hiding the meta-data), one could choose to decrypt only those messages which come from a certain group of persons. However, providing the information of who has sent which message may already reveal too much.

Instead of always decrypting the whole message, a shorter header could probably be encrypted separately. A message has been addressed to a particular person if this person succeeds in decrypting the message header.
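A sketch of the download-everything-and-try-to-decrypt retrieval and of the separate short header described above, added here as an example and not code from the original post. It assumes toy stand-ins from the Python standard library (Diffie-Hellman modulo the Mersenne prime 2**521 - 1, a SHA-256 keystream, and a keyed 16-byte tag playing the role of the encrypted header) and hypothetical names `post`, `fetch` and `demo`; sender authentication is left out.

```python
import hashlib, hmac, secrets

# Toy parameters (assumption, NOT secure): Diffie-Hellman in the integers
# modulo a Mersenne prime. A real client would use a vetted crypto library.
P, G = 2**521 - 1, 3
MAGIC = b"MMM1"  # constructed marker that the header tag is computed over

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _kdf(shared, label):
    return hashlib.sha256(label + shared.to_bytes(66, "big")).digest()

def _xor_stream(key, data):
    # SHA-256 in counter mode as a toy stream cipher (no integrity protection).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def _header(shared):
    return hmac.new(_kdf(shared, b"hdr"), MAGIC, hashlib.sha256).digest()[:16]

def post(recipient_pub, body):
    """Board entry: (ephemeral public key, short header, encrypted body)."""
    eph_priv, eph_pub = keygen()  # fresh per message, so entries are unlinkable
    shared = pow(recipient_pub, eph_priv, P)
    return eph_pub, _header(shared), _xor_stream(_kdf(shared, b"body"), body)

def fetch(my_priv, board):
    """Read the whole board; decrypt only entries whose header check succeeds."""
    mine = []
    for eph_pub, header, ciphertext in board:
        shared = pow(eph_pub, my_priv, P)
        if hmac.compare_digest(header, _header(shared)):
            mine.append(_xor_stream(_kdf(shared, b"body"), ciphertext))
    return mine

def demo():
    # Constructed sample: three users, three posts on one shared board.
    keys = {name: keygen() for name in ("alice", "bob", "carol")}
    board = [post(keys["bob"][1], b"coffee at 3?"),
             post(keys["carol"][1], b"draft attached"),
             post(keys["bob"][1], b"bring the notes")]
    return {name: fetch(k[0], board) for name, k in keys.items()}
```

Every reader performs one key agreement per board entry, so the per-reader cost grows with the total number of posts rather than with the reader's own mail.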

A lot of messages are created in a service like Facebook etc. A "read all messages" approach doesn't scale well with the number of people. This can be mitigated somewhat by every person posting into a specific channel. Each reader listens to a couple of channels. That way, not all of the members are mixed together (which would make the number of messages to read explode), but many still are, and the extraction of meta-data is severely limited.